lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 18 Jun 2008 21:26:35 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk, n3td3v <n3td3v@...glegroups.com>
Subject: Re: Joel Esler comment on Sans ISC podcast

On Wed, Jun 18, 2008 at 5:56 PM, Joel Esler <joel.esler@....com> wrote:
> On Jun 18, 2008, at 12:26 PM, n3td3v wrote:
>
> Joel Esler said he doesn't switch his phone off on flights and that
> anyone who is on a plane with him should watch out.
>
> First of all, I said "before I got the iPhone with the 'airplane' mode"  I'd
> forget to turn off my phone alot, i'd throw it in my briefcase when I'd go
> through security, and forget it's in there.  Heck I've seen people actually
> been able to receive calls on their crackberries while in mid flight.  Not
> that they answered them.  But I've seen the phones ring.  I have an iPhone
> now, I place it in airplane mode when I get on a flight.

Why did you tell people to be careful when you're on a flight? Does
that mean you're planning to fly again with your device turned on and
that you suspect it will mess with the planes electronics?

> There are actually studies going on RIGHT NOW to see if phones can be
> allowed to be used during flights by the FCC/FAA, and in other countries as
> well.

I hope they consider this incident before making up their mind...

They (experts) suspect a radio frequency messed with the electronics,
one that was being used by MI5 to block mobile phone signals.

"An offical probe into the Heathrow crash has focused on the high-tech
jamming device which shields Gordon Brown from terrorist attack.

When the Boeing 777 crashed on January 17 it passed just feet above
the Prime Minister's official car as he was driven to the airport to
board a flight to Beijing.

Inside the car is a jammer which broadcasts radio signals 100 times
more powerful than a mobile phone.

The device is designed to block signals which MI5 say terrorists use
to blow up remote-control bombs."

http://www.sundaymirror.co.uk/news/sunday/2008/04/27/gordon-bown-in-a-jam-98487-20396286/

"WASHINGTON — A total electronics failure reportedly occurred before
the crash of a British Airways 777 at London's Heathrow Airport on
Thursday (Jan. 17).
All 136 passengers and 16 crew members escaped from the British
Airways flight from Beijing. The BBC reported that 13 passengers were
injured.

An airport worker told the BBC that the pilot of the Boeing 777 lost
all power, and had to glide the plane to a landing. The plane's
landing gear collapsed after crash landing.

The BBC said the airport worker was told by the pilot that all
aircraft electronics had failed and that the crew had no warning of a
problem. "It just went," the worker was quoted as saying. "It's a
miracle. The [pilot] deserves a medal as big as a frying pan."

http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=205900406

"Computer glitch:This happened with a Malaysian Airlines 777 and a
former 777 captain told The Sunday Times that for both engines to fail
at the same time "it has got to be commanded" - ie, it was computer
error in controlling the engines. Verdict: possible and many experts'
prime concern "

http://www.timesonline.co.uk/tol/news/uk/article3216746.ece

"The British Airways plane that crash landed at Heathrow today was a
Boeing 777 - currently regarded as the safest aeroplane in the world
by aviation experts.

The plane has only been in use for seven years and is the first
aircraft of its kind to have been designed by computers and boasts the
latest "avionic and navigational systems".

The Boeing 777 has a number of variant models - such as the 777-200ER
and 777-300ER - but all the models being flown around the world
currently have a clean safety record."

http://www.dailymail.co.uk/news/article-508869/Boeing-777-crash-landed-Heathrow-safest-aeroplanes-world-say-experts.html

> Personally I hope this doesn't go through, as I don't want to be sitting
> next to some dude during my 100,000+ miles I fly a year to hear yacking the
> whole flight.
>

I'd be more concerned about terrorists using the phone to trigger some
kind of security vulnerability with the planes electronics than having
my sleep disturbed by a single mom or retired couple muttering away on
the phone.

I think all gadgets and gizmos should be banned from flights incase of
0-day vulnerabilities that are unknown about and cause a system
failure.

> Is this some kind of dry american humour that i'm missing here or is
> that not even funny?
>
> yes, It was a joke.  Sorry if it was in bad taste.
>

If it was just a joke in a bar then it might be funny, it was a joke
during a Sans internet storm center podcast on a segment about
bluetooth vulnerabilities, and you and your co-workers were just
laughing and a joking like you were in a bar about leaving your phone
on and telling people to be careful if they were on the same flight as
you.

Even if I overheard you telling that joke in a bar I would probably
walk over and question you about it, or possibly just call the police.

If you had made the same joke at the airport terminal and an airport
official overheard you, in Britian you would have been arrested by
anti-terrorism police... I don't know what the rules are in U.S.A
about jokes about flights you are about to get onto.

You have a responsibility to your readers and listeners who may be
easily infulenced, like the young (teens) who may actually see you
guys as a role model.

You're doing a public podcast about security vulnerabilities and in
that context what you said was shocking and totally irresponsible.

> --
> Joel Esler
>   joel.esler@....com
>   http://blog.joelesler.net
> [m]
>
>
>

I'm not saying you should be banned from flying by the TSA, I just
said it to grab your attention and realise the seriousness of what you
said in the context of a podcast which is talking about security
vulnerabilities and the fact there is still a flight that crash landed
at heathrow that experts still don't know the cause of.

Again, with British radio shows we have a body called Ofcom who
regulates what can and can't be said in public broadcasts, I don't
know if they regulate internet podcasts as well or wether there is an
American equivalent or not, but if you were in Britian and Ofcom
controlled public broadcasts via internet podcasts, you guys would
probably be getting fined for your comment. http://www.ofcom.org.uk/

This is probably a sign that public broadcasts via internet podcasts
need to be regulated in the same way as TV and ordinary radio shows
are.

I hope MI5 are keeping an eye on you anyway on the next scheduled
flight you make in and out of the U.K. just to make sure you're not
cracking any jokes which may alarm passengers, especially after you've
had a couple of shandy's at the airport bar and are feeling in a
humourous mood.

All the best,

n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ